From e-commerce and video-conferencing to messaging friends and colleagues, we take the encryption, and thus the security, of our digital communications for granted. However, while it ensures our privacy, it is also exploited by criminals to evade detection, for example those plotting terrorist atrocities or exchanging child sexual exploitation and abuse material (CSEA). The dilemma – whether to maintain privacy or tackle crime facilitated online – underlies the opposing and often stridently expressed views about encryption. As messaging platforms roll-out end-to-end encryption (E2EE), where not even service providers can decipher messages sent over their systems, law enforcement agencies have sought to preserve their covert ability to observe our communications. The UK’s latest proposals, in amendments to the government’s flagship Online Safety Bill, have aroused fierce industry and privacy group opposition. The ongoing difficulty in resolving the privacy versus safety conundrum in part arises from a failure to level with the public about the trade-offs involved.
BCL’s Julian Hayes and Andrew Watson’s article ‘’Preparing for the worst but operating at our best – Reform of the NIS Regulations’’ has been published by The Barrister. In the article they discuss the regulations and look into the challenges for the reforms in the face of increased online threats.
With cybercrime rates doubling since 2019, and ransomware tripling since 2020, the UK government is seeking to bolster the nation’s cyber defences, publishing the National Cyber Strategy 2022 and enhancing the four-year-old Network and Information Systems Regulations (‘NIS Regulations’). BCL’s Julian Hayes and Andrew Watson discuss the NIS regulations and look into the challenges for the reforms of the NIS regulations in the face of increased online threats.
BCL partners, Michael Drury and Julian Hayes discuss the implementation of the much delayed UK-US data sharing agreement (Cloud Act) and examine the wider impact its provisions will have on criminal investigations across the globe.
BCL partner Julian Hayes’s article examining the new Children’s Code that came into effect this month as part of the Government’s wider campaign to protect children from online harms has now been published by Police Professional.
It was an open secret that the UK government and GDPR made uneasy bedfellows. Back in 2018, Dominic Cummings, Downing Street’s former chief advisor derided the European data protection paradigm as “horrific”, and looked forward to binning it. In 2020, Boris Johnson voiced his desire for a separate and independent data protection policy, and in May 2021, a deregulation task force commissioned by the Prime Minister called for the replacement of the UK GDPR (which is essentially identical to the EU GDPR) with a framework of British data rights. It therefore came as little surprise when, last week, the government issued a wide-ranging consultation on changes to the UK’s data protection regime in a self-proclaimed dash for data-driven economic growth.
Neither blessed with a catchy title nor immediately in force, the Age Appropriate Design Code grabbed few headlines when it was issued by the Information Commissioner (ICO) in 2020. Now re-badged as the Children’s Code and in force from 2 September 2021, it is being feted as an early blow in the UK government’s wider campaign against online harms and in particular the risks to the privacy of minors. Broadly drawn, both in terms of the online service providers affected and its geographic reach, the Code provides guidance on safeguards for the online treatment of children’s personal data, with compliance underpinned by the potentially severe enforcement powers of the UK GDPR. Sensing the way the wind was blowing, the tech titans had already modified their services, spurring calls for similar measures in other countries. Misgivings over the ambit and practical impact of the Code remain, however, particularly in relation to the thorny issue of age-verification.